Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Configuring a Policy for WebAuth



Article ID: KB4296 KB Last Updated: 03 Jul 2020Version: 6.0

This article explains how to configure a policy for WebAuth for ScreenOS 4.0 and later.



Note: Note:

  • This article assumes that WebAuth is configured. For information about configuring WebAuth, go to Configuring WebAuth.

Perform the following steps:

  1. Open the WebUI. For more information about accessing the WebUI, go to KB4317 - [ScreenOS] Accessing your Juniper firewall device using the WebUI.

  2. From the Juniper firewall device options menu, select Policies.

  1. From the Policies page, create a new policy or edit an existing policy.

In this example, an existing policy is edited.

  1. From the Edit Policy page, click Advanced.

  1. Select WebAuth (Local).

When WebAuth is selected, authentication is automatically enabled.


  • No Redirect: Select this option to disable the firewall from redirecting the browser to the WebAuth IP address that is mentioned under Interface settings.

  • Redirect unauthenticated traffic: Select this option to enable the firewall to automatically redirect the browser to the WebAuth IP address.

Note: The firewall will be able to redirect only when the first request that comes to the firewall is HTTP. If the DNS server is outside of the network and the traffic for the DNS has to traverse across the firewall, make sure that there is a policy at the top that allows all DNS traffic to the DNS server without authentication in the security policy. This way, when the web browser creates the HTTP GET request, the firewall can respond by redirecting the request to the WebAuth IP address.

  1. Click OK.


Modification History:
  • 2020-07-03: Removed EOS device references and replaced old WebUI pics with new WebUI pics

  • 2018-09-07: Solution updated with the redirect options that are available for WebAuth; other minor (non-technical) modifications made


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search